PraisonAI CLI automatically resolves @url mentions in prompt text and can read loopback URLs into model context

Summary PraisonAI's direct-prompt CLI automatically expands @url: mentions in raw prompt text before agent execution begins. If a prompt contains @url:, the CLI calls MentionsParser.process.... The @url: handler then performs a direct urllib.request.urlopen request to the attacker-controlled URL...

ml-toolkit-ts (>=1.0.0 <=1.0.3) potentially affected by unknown CVE via @ml-toolkit-ts/preprocessing (=1.0.1)

@ml-toolkit-ts/preprocessing NPM version =1.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on @ml-toolkit-ts/preprocessing and may be impacted: - ml-toolkit-ts =1.0.0, =1.0.3 Source cves: unknown CVE Source advisory: OSV:MAL-2026-3601...

ml-toolkit-ts (>=1.0.0 <=1.0.3) potentially affected by CVE-2026-45321 via @ml-toolkit-ts/preprocessing (=1.0.1)

@ml-toolkit-ts/preprocessing NPM version =1.0.1 is affected by a known vulnerability. The following packages have a transitive dependency on @ml-toolkit-ts/preprocessing and may be impacted: - ml-toolkit-ts =1.0.0, =1.0.3 Source cves: CVE-2026-45321 Source advisory:...

Astra Linux - уязвимость в zabbix

JavaScript preprocessing can be exploited by attackers to gain access to the file system read-only access on behalf of the user “zabbix” on the Zabbix Server or Zabbix Proxy, potentially leading to unauthorized access to sensitive data...

Astra Linux - уязвимость в zabbix

JavaScript preprocessing, webhooks, and global scripts can lead to uncontrolled utilization of CPU, memory, and disk I/O resources. The ability to preprocess/webhook/configure and test global scripts is only available to Administrative roles Admin and Superadmin. Administrative privileges should...

CVE-2025-47390

Memory corruption while preprocessing IOCTL request in JPEG driver...

EUVD-2025-209225

Memory corruption while preprocessing IOCTL request in JPEG driver...

CVE-2025-47390

Memory corruption while preprocessing IOCTL request in JPEG driver...

CVE-2025-47390 Buffer Over-read in Camera

Memory corruption while preprocessing IOCTL request in JPEG driver...

CVE-2025-47390 Buffer Over-read in Camera

Memory corruption while preprocessing IOCTL request in JPEG driver...

CVE-2025-47390

CVE-2025-47390 describes memory corruption during preprocessing of an IOCTL request in the JPEG driver (also referenced as a Camera-related issue). The vulnerability is categorized with high impact (CVSSv3.1: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H) and requires local access with low privileges; ther...

PT-2026-30636

Memory corruption while preprocessing IOCTL request in JPEG driver...

Machine Learning Transferability for Malware Detection

Malware continues to be a predominant operational risk for organizations, especially when obfuscation techniques are used to evade detection. Despite the ongoing efforts in the development of Machine Learning ML detection approaches, there is still a lack of feature compatibility in public...

Shape and Substance: Dual-Layer Side-Channel Attacks on Local Vision-Language Models

On-device Vision-Language Models VLMs promise data privacy via local execution. However, we show that the architectural shift toward Dynamic High-Resolution preprocessing e.g., AnyRes introduces an inherent algorithmic side-channel. Unlike static models, dynamic preprocessing decomposes images in...

CVE-2025-33249

NVIDIA NeMo Framework for all platforms contains a vulnerability in a voice-preprocessing script, where malicious input created by an attacker could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, a...

CVE-2025-33249

NVIDIA NeMo Framework for all platforms contains a vulnerability in a voice-preprocessing script, where malicious input created by an attacker could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, a...

CVE-2025-33249

NVIDIA NeMo Framework for all platforms contains a vulnerability in a voice-preprocessing script, where malicious input created by an attacker could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, a...

CVE-2025-33249

CVE-2025-33249 affects NVIDIA NeMo Framework on all platforms, specifically a vulnerability in a voice-preprocessing script that could allow attacker-crafted input to trigger code injection. The Red Hat advisories and NVIDIA bulletin corroborate a vulnerability with potential code execution, priv...

CVE-2025-33249

NVIDIA NeMo Framework for all platforms contains a vulnerability in a voice-preprocessing script, where malicious input created by an attacker could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, a...

CVE-2025-33249

NVIDIA NeMo Framework for all platforms contains a vulnerability in a voice-preprocessing script, where malicious input created by an attacker could cause a code injection. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, a...